Wednesday, April 18, 2012

How to find a vuln?

OK, maybe before trying to write an exploit I need to find a vuln first? There are a few ways to go about doing this, depending on your skill level.

1. Use vulns that are found by others and published. Search for the target application in a vulnerability database.
A collection of vulns from various sources
An official source of vulns.

2. Use a vulnerability scanner to scan the target application. Do note that no product is the best; all of them have their pros and cons, and the more you know about the topic of vulnerability assessment the more you realise how limited they are.
Nessus
Internet Security Scanner
Nexpose

3. Fuzzing the target application to find the vuln(s). Fuzzing is a complex topic and there are various books and papers published on it. Let's just say it's easy to do fuzzing, but it's not easy to fuzz and find vulns.
A blog post on fuzzing by LUPIN
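To make that last point concrete, here is an added example (not code from this post or from any of the linked resources): a minimal mutation fuzzer in Python run against a constructed toy parser. The record format, the parser and its planted defect (the field count in the header is trusted and read past the end of the buffer) are all constructed for illustration and stand in for a crash in a native parser. Running the fuzzer takes a few lines; the parts that actually decide whether you find anything are the seed corpus, the mutation strategy, telling a real crash apart from a graceful rejection, and shrinking the crashing input so you can understand it.

```python
"""Minimal mutation fuzzer against a constructed toy record parser.

Constructed example: the format and the bug are made up for illustration.
Record format:  byte 0 = number of fields n, then n times a 1-byte
length L followed by L bytes of payload.
"""
import random
from typing import List, Optional, Tuple


def encode_records(fields: List[bytes]) -> bytes:
    """Build a well-formed record blob (used to make seed inputs)."""
    out = bytearray([len(fields)])
    for f in fields:
        out.append(len(f))
        out += f
    return bytes(out)


def parse_records(data: bytes) -> List[bytes]:
    """Toy target. Planted defect: the field count n is trusted, so a
    header that promises more fields than the buffer holds makes the
    parser read past the end (IndexError here, an out-of-bounds read
    in a native parser)."""
    if not data:
        raise ValueError("empty input")  # graceful rejection, not a bug
    n = data[0]
    pos = 1
    fields = []
    for _ in range(n):
        length = data[pos]  # IndexError when pos >= len(data)
        pos += 1
        fields.append(bytes(data[pos:pos + length]))
        pos += length
    return fields


def mutate(rng: random.Random, data: bytes) -> bytes:
    """One random mutation: bit flip, interesting byte, insert, delete, truncate."""
    buf = bytearray(data)
    op = rng.randrange(5)
    if op == 0 and buf:
        i = rng.randrange(len(buf))
        buf[i] ^= 1 << rng.randrange(8)
    elif op == 1 and buf:
        i = rng.randrange(len(buf))
        buf[i] = rng.choice([0, 1, 0x7F, 0x80, 0xFF])
    elif op == 2:
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    elif op == 3 and len(buf) > 1:
        del buf[rng.randrange(len(buf))]
    elif op == 4 and len(buf) > 1:
        del buf[rng.randrange(1, len(buf)):]
    return bytes(buf)


def crashes(case: bytes) -> bool:
    """True only for the crash class we care about; ValueError is the
    parser rejecting bad input on purpose and is not a finding."""
    try:
        parse_records(case)
    except IndexError:
        return True
    except ValueError:
        return False
    return False


def fuzz(seeds: List[bytes], max_iters: int = 5000, seed: int = 1) -> Tuple[Optional[bytes], dict]:
    """Mutate seeds until the first crash; returns (crashing input or None, stats)."""
    rng = random.Random(seed)  # fixed seed so a run is reproducible
    stats = {"runs": 0, "rejected": 0}
    for _ in range(max_iters):
        case = mutate(rng, rng.choice(seeds))
        stats["runs"] += 1
        if crashes(case):
            return case, stats
        try:
            parse_records(case)
        except ValueError:
            stats["rejected"] += 1
    return None, stats


def minimize(case: bytes) -> bytes:
    """Delta-style shrink: drop single bytes while the input still crashes."""
    changed = True
    while changed:
        changed = False
        for i in range(len(case)):
            candidate = case[:i] + case[i + 1:]
            if candidate and crashes(candidate):
                case, changed = candidate, True
                break
    return case


if __name__ == "__main__":
    seeds = [encode_records([b"ab", b"c"]), encode_records([b"hello"])]
    crash, stats = fuzz(seeds)
    print("stats:", stats)
    if crash is not None:
        print("crash input:", crash, "-> minimized:", minimize(crash))
```

The crash here is found within a handful of iterations because the bug sits right at the header byte the mutator is most likely to touch; real targets hide their faults behind checksums, state machines and deep parsing paths, which is where grammar-aware mutations, coverage feedback and a good seed corpus come in. The `minimize` step is worth keeping even in a toy: a one- or two-byte crashing input is far easier to reason about in a debugger than the fuzzer's raw output.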

4. Reverse Engineering (RE) the target application to find the vuln(s). Reverse Engineering is a very, very complex topic. There are many sites and books on this topic. However, my short experience with RE tells me one thing: JUST DO IT. The more RE you do, the better you get.
Excellent site to find info on RE

5. Source code review. This method only works if you have access to the source code and you are able to understand the code very well. This method can take a lot of time, and it's a challenge to be comprehensive.
I have no experience in this, but I know someone who is good at it. I will put a link to his blog on his thoughts on code review when he starts blogging.

How to write an exploit ?

I personally have heard many people ask "How to write an exploit?", including myself. I am beginning my journey of answering this question. I can recommend the following sites, which I rely on to guide me on this journey.


A list to help people in the process of learning exploit writing
This is an excellent place to start if you are a complete noob.

Corelan Exploit Writing Tutorials
This site contains step-by-step guides to writing exploits. Corelan provides the additional theory and explanations needed to write exploits.

Exploit writing tutorials by LUPIN
This site contains step-by-step guides to writing exploits. Another great source to go to for learning how to write exploits.


Wiki on writing exploits
This wiki contains a lot of references to articles related to exploit writing. I don't recommend starting here if you are a complete noob.

The road ahead....

This is the first blog post to document all my personal learnings on how to find vulns. My work is focused on vulns in the Windows OS. I hope my blog can contribute to the security community, whether you are a newbie wondering how to start or an expert who needs a tip or two. I pray that my blog will be of help to you. God Bless